Provider "scanner": Forbidden: not usable by user or serviceaccount

[rkrbaddam]

Hello Team

Can you please help me on below

I'm currently implementing Cloud Native Feature-Flagging using the OpenFeature Operator.

I've followed all the steps outlined in https://openfeature.dev/docs/tutorials/ofo to install the OpenFeature Operator in our OCP cluster.

The only deviation is that instead of using the demo-app workload provided in end-to-end.yaml, I'm utilizing my own Spring Boot Java deployment. I've added the following annotations to configure flagD as a sidecar:

annotations:
openfeature.dev/enabled: 'true'
openfeature.dev/featureflagsource: flag-sources

However, we're encountering the following error after adding the annotations:

pods "********" is forbidden: unable to validate
against any security context constraint: [provider "scanner": Forbidden:
not usable by user or serviceaccount, provider "anyuid": Forbidden: not
usable by user or serviceaccount, provider nfs-scc:
.containers[1].runAsUser: Invalid value: 65532: must be in the ranges: [**********, **********]
pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/flagd]:
Forbidden: seccomp may not be set, --------------------

[beeme1mr]

Hey @rkrbaddam, it looks like your OCP cluster has a security context constraint that doesn't allow the image to run using the default non-root user. Here is where we're setting the user and group. Please either update your security policy to allow a container to run as 65532.